package com.itheima.health.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * @Author: liangWeiQUQ
 * @Description: 配置资源的权限信息
 * @DateTime: 2021/3/8 15:09
 **/
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)//开启全局的权限注解
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private CustomerUserDetail customerUserDetail;

    
    /**
     * @Author: 传闻中的梁大侠
     * @Date: 15:13 2021/3/8
     * @Parms [auth]
     * @ReturnType: void
     * @Description: 加载用户资源信息
     */

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        //加载用户的资源配置信息
        auth.userDetailsService(customerUserDetail);
    }
    /**
       * @Author: 传闻中的梁大侠 
       * @Date: 15:14 2021/3/8
       * @Parms [http]
       * @ReturnType: void
       * @Description: 加载保护资源的信息
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.headers().frameOptions().disable();
       //关闭跨站
        http.csrf().disable();
        //登录请求
        http.formLogin()
                .loginPage("http://localhost:8080/pages/login.html")//登录页面
                .loginProcessingUrl("/user/login") //登录请求地址
                .successForwardUrl("/user/loginSuccess") //登录成功后转发地址
                .failureForwardUrl("/user/loginFail"); //登录失败后的转发地址
        //登出请求
        //登出信息设置
        http.logout().logoutUrl("/sec/logout")
                .logoutSuccessUrl("http://localhost:8080/pages/login.html"); //登出成功后的请求地址

    }
}
